CVE-2020-6770 CRITICAL

CVE-2020-6770: Deserialization of Untrusted Data in Bosch BVMS Mobile Video Service

Vendor Bosch
Product DIVAR IP 3000
Weakness CWE-502 · Unsafe deserialization
Published February 7, 2020
Last update September 17, 2024

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000 and DIVAR IP 7000 if a vulnerable BVMS version is installed.

Key dates

02Disclosure timeline

February 7, 2020 CVE published
September 17, 2024 Record updated

Related vulnerabilities

04Related CVE